Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Comodo
Comodo CIS Bug fix policy
Message
<blockquote data-quote="wat0114" data-source="post: 1101081" data-attributes="member: 91306"><p>Respectively, the rules for it can be more restrictive than this, as in my DNS rule I also restricted svchost to remote IP addresses cloudflare (1.1.1.1, 1.0.0.1).</p><p></p><p>I could have done the same, for example, for Windows time to remote port 123, and/or remote HTTP (port 80), but I chose not to. It is actually a lot of work to create rules like this for all running applications requiring network comms in any application firewall, including Windows firewall, but with a better interface, this work can be reduced. Windows firewall has the serious limitation of not supporting wildcards in path rules, and I seem to remember Comodo has a similar limitation - not quite the same - one that I posted elsewhere some time ago in another forum here:</p><p></p><p>[URL unfurl="true"]https://www.wilderssecurity.com/threads/comodo-auto-containment-comparable-to-sandboxie.425260/page-2#post-2974270[/URL]</p><p></p><p> Keep in mind also with Comodo, that all settings once configured can be backed up and restored at any time if necessary.</p><p></p><p>Btw, even though in Comodo, svchost rules can not be tied to specific services it hosts, I believe this is not a security issue. That's because any svchost rule in comodo will affect <u>all services</u> it is hosting. Windows firewall w/Advanced security has the option to tie svchost rules to specific services it hosts, but one can also create rules that affect all services:</p><p></p><p>[ATTACH]285396[/ATTACH]</p><p></p><p>Therefore the rule created this way would apply to all running svchost processes in Windows.</p><p></p><p>Not defending Comodo and those in charge of its development, just trying to state facts as I understand them. As for malicious processes harnessing svchost or any other Windows process for comms, well it should be contained in the sandbox with the Cruel setup or similar, thereby mitigating or eliminating that threat.</p><p></p><p>Assuming Melih is in charge, I would like to see him either:</p><ol> <li data-xf-list-type="ol">Spearhead an initiative to investigate and fix all reported bugs and shortcomings and provide a free version, or</li> <li data-xf-list-type="ol">Spearhead an initiative to investigate and fix all reported bugs and charge a fee (freemium) for it, or</li> <li data-xf-list-type="ol">Announce and discontinue the development of the free version and post a disclaimer to "use at your own risk"</li> </ol></blockquote><p></p>
[QUOTE="wat0114, post: 1101081, member: 91306"] Respectively, the rules for it can be more restrictive than this, as in my DNS rule I also restricted svchost to remote IP addresses cloudflare (1.1.1.1, 1.0.0.1). I could have done the same, for example, for Windows time to remote port 123, and/or remote HTTP (port 80), but I chose not to. It is actually a lot of work to create rules like this for all running applications requiring network comms in any application firewall, including Windows firewall, but with a better interface, this work can be reduced. Windows firewall has the serious limitation of not supporting wildcards in path rules, and I seem to remember Comodo has a similar limitation - not quite the same - one that I posted elsewhere some time ago in another forum here: [URL unfurl="true"]https://www.wilderssecurity.com/threads/comodo-auto-containment-comparable-to-sandboxie.425260/page-2#post-2974270[/URL] Keep in mind also with Comodo, that all settings once configured can be backed up and restored at any time if necessary. Btw, even though in Comodo, svchost rules can not be tied to specific services it hosts, I believe this is not a security issue. That's because any svchost rule in comodo will affect [U]all services[/U] it is hosting. Windows firewall w/Advanced security has the option to tie svchost rules to specific services it hosts, but one can also create rules that affect all services: [ATTACH]285396[/ATTACH] Therefore the rule created this way would apply to all running svchost processes in Windows. Not defending Comodo and those in charge of its development, just trying to state facts as I understand them. As for malicious processes harnessing svchost or any other Windows process for comms, well it should be contained in the sandbox with the Cruel setup or similar, thereby mitigating or eliminating that threat. Assuming Melih is in charge, I would like to see him either: [LIST=1] [*]Spearhead an initiative to investigate and fix all reported bugs and shortcomings and provide a free version, or [*]Spearhead an initiative to investigate and fix all reported bugs and charge a fee (freemium) for it, or [*]Announce and discontinue the development of the free version and post a disclaimer to "use at your own risk" [/LIST] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
